167 matches found
CVE-2019-2844
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite subcomponent: LDAP Client Tools. The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to...
CVE-2019-2844
CVE-2019-2844 affects the LDAP Client Tools subcomponent of Oracle Solaris 11.4. The vulnerability is described as easily exploitable, permitting a low-privileged attacker with logon to the Solaris host to compromise the system, with potential impact on confidentiality, integrity, and availabilit...
Oracle Solaris Component Access Control Error Vulnerability (CNVD-2019-28101)
Oracle Sun Systems Products Suite is a suite of Sun systems products from Oracle Corporation, of which Solaris is one of the computer operating system components. A security vulnerability exists in the LDAP Client Tools subcomponent of the Solaris component of the Oracle Sun Systems Products Suit...
Oracle Solaris Critical Patch Update : jul2019_SRU11_4_11_4_0
This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Oracle Solaris product of Oracle Sun Systems Products Suite component: Open Fabrics Tools. The supported version that is affected is 11.4. Difficult to exploit vulnerability allows...
postgresql: Uncontrolled search path element in pg_dump and other client applications
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database...
Privilege escalation
On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools aka pe-client-tools 16.4.x prior to 16.4.6, 17.3.x prior to 17.3.6, and 18.1.x prior to 18.1.2 to load arbitrary code with privilege escalation...
CVE-2018-6516
On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools aka pe-client-tools 16.4.x prior to 16.4.6, 17.3.x prior to 17.3.6, and 18.1.x prior to 18.1.2 to load arbitrary code with privilege escalation...
CVE-2018-6516
CVE-2018-6516 affects Puppet Enterprise client tools on Windows. A specially crafted configuration file could cause the PE client tools (pe-client-tools) 16.4.x before 16.4.6, 17.3.x before 17.3.6, and 18.1.x before 18.1.2 to load arbitrary code with privilege escalation. Connected sources confir...
CVE-2015-1777
rhnregks in Red Hat Network Client Tools aka rhn-client-tools on Red Hat Gluster Storage 2.1 and Enterprise Linux RHEL 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle atta...
CVE-2015-1777
rhnregks in Red Hat Network Client Tools aka rhn-client-tools on Red Hat Gluster Storage 2.1 and Enterprise Linux RHEL 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle atta...
Code injection
rhnregks in Red Hat Network Client Tools aka rhn-client-tools on Red Hat Gluster Storage 2.1 and Enterprise Linux RHEL 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle atta...
CVE-2015-1777
CVE-2015-1777 affects rhnreg_ks in Red Hat Network Client Tools (rhn-client-tools) on Red Hat Gluster Storage 2.1 and RHEL 5, 6, 7. The component fails to properly validate hostnames in X.509 certificates from SSL servers, enabling a remote MITM that can prevent system registration. Root cause: h...
CVE-2015-1777
rhnregks in Red Hat Network Client Tools aka rhn-client-tools on Red Hat Gluster Storage 2.1 and Enterprise Linux RHEL 5, 6, and 7 does not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to prevent system registration via a man-in-the-middle atta...
SUSE SLES11 Security Update : SUSE Manager Client Tools (SUSE-SU-2017:1347-1)
The following security issue in spacewalk-backend has been fixed : - Non admin or disabled user cannot make changes to a system anymore using spacewalk-channel. bsc1026633, CVE-2017-7470 The update package also includes non-security fixes. See advisory for details. Note that Tenable Network...
SUSE-RU-2017:0174-1 Recommended update for SUSE Manager Client Tools
This update fixes the following issues: osad: - Fix logfile option for osa-dispatcher. bsc980752 salt: - Update to 2015.8.12 - Add pre-require to salt for minions. - Do not restart salt-minion in salt package. - Add try-restart to sys-v init scripts. - Add 'Restart=on-failure' for salt-minion...
SUSE SLES11 Security Update : SUSE Manager Client Tools (SUSE-SU-2016:1366-1)
This update for SUSE Manager Client Tools provides the following fixes and enhancements : rhnlib : - Use TLSv1METHOD in SSL Context bsc970989 suseRegisterInfo : - Fix file permissions bsc970550 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE...
SUSE-SU-2016:1366-1 Recommended udpate for SUSE Manager Client Tools
This update for SUSE Manager Client Tools provides the following fixes and enhancements: rhnlib: - Use TLSv1METHOD in SSL Context bsc970989 suseRegisterInfo: - Fix file permissions bsc970550...
Important: Red Hat Security Advisory: Red Hat Storage 2.0 security, bug fix, and enhancement update #4
Updated Red Hat Storage 2.0 packages that fix multiple security issues, several bugs, and add enhancements are now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...
[SECURITY] Fedora 16 Update: squid-3.2.5-1.fc16
Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DN...
Scientific Linux Security Update : rhn-client-tools on SL5.x i386/x86_64
It was discovered that rhn-client-tools set insecure permissions on the loginAuth.pkl file, used to store session credentials for authenticating connections to servers. A local, unprivileged user could use these credentials to download packages they wouldn't normally have permission to download...